Skip directly to content

Catch Of The Week: Software Vulnerabilities - Stay Up To Date

on June 25, 2019 - 6:44pm
By BECKY RUTHERFORD
Los Alamos

Two significant vulnerabilities have recently caused headaches for users; an issue with Dell’s SupportAssist and a Windows vulnerability known as BlueKeep.

It’s essential to check your operating system (OS) and software regularly and make sure they are up to date. New flaws and “patches,” software fixes for the flaws, are released all the time. Be sure you are always running the most up to date versions of your OS and other software to protect yourself.   

Dell SupportAssist Vulnerability

Own a Dell PC running Windows 10? Your computer probably came with SupportAssist, a utility that comes pre-equipped with most Dell computers that are meant to help resolve issues. SupportAssist is used by millions of Dell customers and was meant to help keep Dell computers safe and up to date. Unfortunately, the company just disclosed a major vulnerability in SupportAssist that users need to take action to fix ASAP.

The vulnerability affects older versions of SupportAssist. Users must update to the latest versions: Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2.   

The flaw comes from a third-party component in SupportAssist called PC-Doctor Tool Box. The Tool Box software is installed on hundreds of millions of machines under various names; it is unclear which other PC-Doctor products may be affected.  

Why is this such a big deal? Part of the SupportAssist service called “Dell Hardware Support” runs on Windows 10 PCs with administrative level privileges. SupportAssist seeks out several software libraries (Dynamic Link Libraries- DLL) that a rogue user with local access could use to replace the system's DLL with a malicious file of their own.

The program does not validate whether the DLL is signed, and the program will load an arbitrary, unsigned DLL. This flaw would allow an attacker with access to your machine to execute malicious code as an admin, and once they do that, they can own your device.   

If you own a Dell with SupportAssist installed, make sure that your computer is set to update automatically and check to see if you are running the most current version of Support Assist: Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2.

If you are running an older version, you can download and install the most up to date version from Dell’s website.

Windows BlueKeep Vulnerability

A major Windows vulnerability has been in the news lately: BlueKeep. The FBI, United States Computer Emergency Readiness Team (U.S. CERT) and the NSA have issued advisories to the public urging users to update to protect against this high-level bug. Microsoft has issued multiple warnings and released updates to fix the problem for older versions of Windows, even versions that have been unsupported for years.

Yes, it’s that bad!

If you are running any version of Windows older than Windows 10, 8 or 8.1, this affects you, and you need to update ASAP. Machines running Windows 2003, XP, 7, or Windows Server 2008 and 2008 R2 are at risk.

BlueKeep is a security vulnerability present in the Windows OS that can be exploited remotely. It is technically classified as a “Remote Desktop Services Remote Code Execution Vulnerability”. It is considered a “wormable” vulnerability, which means it can self-replicate and infect many machines on a network. Microsoft has classified this vulnerability as critical, meaning it is severe and needs to be fixed immediately.

There are already Proof of Concept (PoC) exploits that have been demonstrated by security researchers; the threat is real.

Do you remember the WannaCry attack in 2017 that took advantage of the EternalBlue vulnerability? WannaCry ransomware spread from machine to machine across the world, shutting down most of the National Health System (NHS) in the U.K. In total, WannaCry affected 200,000 computers across 150 countries. WannaCry also was a “wormable” attack, able to quickly spread across networks, which is why it was so devastating.

This attack affected organizations that had failed to install Microsoft’s update meant to fix the problem. A similar scenario could play out with BlueKeep if users don’t heed warnings to patch. Since the vulnerability is “wormable”, it could spread quickly across business and home networks.

With this many warnings to the public, users need to pay attention. Patching this flaw is not something you can put off; if you are running an affected version of Windows, download the update available from Microsoft and fix this today.  

Software vulnerabilities are a constant and ever-changing threat, these both represent high or critical severity risks to your security. If you own a computer, you need to take steps to ensure that your machine is being updated regularly. It can be simple, go into system settings and make sure that automatic updates are enabled. While there are some risks of issues if you apply an update too soon, it is better than trying to remember to manually update every month or as new fixes are disclosed for vulnerabilities. Make it easy for yourself and make it harder for hackers to exploit these vulnerabilities to take over your network.   

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

Resources:

Dell SupportAssist:

https://www.dell.com/support/contents/us/en/04/article/product-support/s...

https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-del...

NSA Advisory on BlueKeep:  

https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865... ty-advisory-patch-remote-desktop-services-on-legacy-versions-of/

Microsoft Information on BlueKeep:

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-up... op-services-cve-2019-0708/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...

WannaCry Attack:

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack


Advertisements